2005-08-06 “(Listen) Do You Want to Know a Secret”

Sparks were flying this past week in Las Vegas as researcher Michael Lynn, just prior to giving a speech at the Black Hat security conference, quit his job, and then proceeded to change his speech to discuss a known flaw in Cisco routers, and actually demostrated how he could break into one —  within 5 seconds. The legal reps from all three parties scurried to make sure that Michael Lynn would not talk about his findings in the future. But the damage had been done.

<< Getting on my soapbox >>

Why do I bring this up? Some, but not many of us, even use Cisco routers in our SBS servers. But I betcha your bank that you do online business with does, as well as your ISP you use to connect to the Internet. I don’t wish anything bad to anyone, and I’m not here to judge whether Michael or Cisco did the right or wrong thing, but the fact of the matter is that there are companies that need to start stepping up, as Microsoft is trying to do, and address the security vulnerabilities in their products. Shame on everyone involved If its even partly true that this Cisco vulnerability was identified months ago, and nothing was done about it.

http://www2.nwfusion.com/columnists/2005/080105backspin.html
http://www2.nwfusion.com/news/2005/080105-blackhat.html

<< OK … I’m now getting off my soapbox>>

All of this leads me to my song of the week … from the Beatle’s … and, please remember, as with all my parodies, this is done in jest …

(Listen) Do You Want to Know A Secret
aka (Listen) Do You Want to Know an Exploit

WAV:
http://www.iqm.ro/beatles/beatles/doyouwan.wav

You’ll never know how much we really hacked you
You’ ll never know how much harm we really did …

Listen, do you want to know an exploit,
Do you promise not to tell,
Who-o-o-oh….
Closer, I’ve just hacked into your router
Caused a buffer over-flo-o-ow
I’ve just shut you down, o-o-o….

Cisco, do you want to know the truth now
Do you promise you’ll tell all,
Who-o-o-oh….
Fix it! Let me shout it in your ears
Say the words you need to hear
I’ve just broken through, o-o-o….

I’ve known the exploit for a week or two
Now everybody knows, not just you

Listen, are you gonna fix that exploit
Do you promise you’ll be true,
Who-o-o-oh…
Hurry, let me whisper in your ear
Say the words you long to hear
“Here’s the patch for you”, o-o-o….


Kevin Weilbacher [SBS-MVP]
“The days pass by so quickly now, the nights are seldom long”

Leave a Reply

Your email address will not be published. Required fields are marked *